Monday Feb 09, 2009

Great news! Anyone who registers and attends our OpenSSO Community Day in Munich will qualify for a 20% discount to the European Identity Conference (EIC), also in Munich. Our community day is on May 5 during the EIC preconference events and EIC officially begins on May 6.

Being an unconference, the only rigid item on the agenda will be to decide at 9am on the sessions for the rest of the day. You can show up and talk about any OpenSSO-related topic you like. Maybe you have an interesting deployment, a new extension or a nagging question - sessions can be discussions as much as presentations. Now, that doesn't mean that there need be zero preparation - if you have a session in mind, go to the wiki and add it there, so folks can get an idea of the likely content ahead of time. We've already posted a few ideas.

All are welcome, attendance is free, and lunch will be provided. We'll likely adjourn to a nearby bar at the end of the day to continue the conversation.

Thursday Feb 05, 2009

A few weeks ago I did a customer webinar to about 150+ people on OpenSSO with Jamie Nelson, my engineering brother in arms. The preso outlines our direction over the next 12 months. Check it out. No muppet songs in this video.

Due to early demand, the OpenSSO Community Day @ NYU has super sized to a larger room so that we can hold up to 75 participants! So . . . if you are working on an access management, federation, or secure web services project using OpenSSO, or are just interested in learning about open source web access management tools, then sign up before the registration fills! First come, first served!

I have to admit that when we were planning this event we thought the first event would be quite small. Maaaaaaaan were we wrong. People are really excited about our first community event and it's sparked some ideas on doing more events in other regions -- stay tuned Europa!

Tuesday Feb 03, 2009

At the end of last week, I did a write-up on how we are extending OpenSSO to include Service-Level Monitoring. Today I'd like to talk about 1x Password capabilities that we are adding to OpenSSO.

One time passwords are used when an organization wants a higher level of authentication for users trying to access a web application. That is, they want to require a second way to authenticate users, such as a physical token card, besides simply entering a user name and password. This is commonly seen in the financial services sector when trying to access bank accounts or when accessing a corporate intranet remotely.

The challenge with physical token cards is that they tend to be expensive to purchase and disseminate. As an alternative, we are in the process of adding capabilities to OpenSSO that allow a user to obtain a 1x password via their mobile phone (i.e., using SMS text messages). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a robust offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.

Above is a video of what we are building. The solution uses Open Authentication (OATH) to do standards-based strong authentication. It's still rough, but this will give you a taste of what we are building.
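As an added example (not OpenSSO code and not part of the original post), here is how a server might issue and check a one-time password that is texted to a user. It assumes the OATH HOTP algorithm (RFC 4226); the `SmsOtpVerifier` class, its five-minute expiry and its three-attempt limit are hypothetical choices.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SmsOtpVerifier:
    """Hypothetical per-user server state for SMS-delivered one-time passwords."""

    def __init__(self, secret: bytes, ttl_seconds: int = 300, max_attempts: int = 3):
        self.secret = secret
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.counter = 0       # advances on every issued code, so codes never repeat
        self.pending = None    # [code, expires_at, attempts_left] or None

    def issue(self, now=None) -> str:
        """Return the code to send by SMS; any earlier unused code is replaced."""
        now = time.time() if now is None else now
        code = hotp(self.secret, self.counter)
        self.counter += 1
        self.pending = [code, now + self.ttl, self.max_attempts]
        return code

    def verify(self, submitted: str, now=None) -> bool:
        """Accept a code once, before expiry, within the attempt limit."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False
        code, expires_at, attempts_left = self.pending
        if now > expires_at or attempts_left <= 0:
            self.pending = None            # expired or guessed too often
            return False
        self.pending[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            self.pending = None            # single use: a replayed code fails
            return True
        return False
```

Because the code travels over SMS, the server already knows which code is outstanding, so no counter look-ahead window is needed as it would be with a hardware token.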

Friday Jan 30, 2009

A few weeks ago I blogged that I would start going in to detail on the OpenSSO roadmap. I've been a bit slow in doing this so no more procrastination on my side. Here's the skinny on service-level monitoring.

The goal of service-level monitoring is to provide a standards-based way for systems management solutions to view reports on OpenSSO component behavior, quickly view a dashboard for trends and deployment status, diagnose problems and set threshold alarms. OpenSSO was instrumented with the Java Enterprise System Monitoring framework APIs, which is CIM compliant, but we are now expanding it to support SNMP and plain JMX to monitor deployment status.

Within the OpenSSO community we are actively working to develop robust monitoring for large-scale deployments that allows system and network administrators to proactively manage important enterprise assets that range from physical devices to systems and applications. Through our new service-level monitoring capabilities deployers will be able to monitor their deployment health, detect and diagnose problems and use reported metrics to size deployments.

The monitoring solution will use monitoring agents and leverage existing agents such as those provided with OpenDS, GlassFish and the Java Virtual Machine. The mosaic of agents will all report management data to a management console, which can aggregate the information and present a single consolidated view for administrators.

Data captured by the OpenSSO monitoring solution will fall into the following categories for each OpenSSO component:

The traditional commercial release of service-level monitoring is March 2010, but as you know we support features upon completion in OpenSSO Express Builds the moment they are done, so regularly check the OpenSSO project to "monitor" development status.

Being an unconference, the only rigid item on the agenda is to decide at 9am on the sessions for the rest of the day. You can show up and talk about any OpenSSO-related topic you like. Maybe you have an interesting deployment, a new extension or a nagging question - sessions can be discussions as much as presentations. Now, that doesn't mean that there need be zero preparation - if you have a session in mind, go to the wiki and add it there, so folks can get an idea of the likely content ahead of time. We've already posted a few ideas:

Friday Jan 16, 2009

HOORAY! Developer.com selected OpenSSO Enterprise as the Security Product of the Year. I definitely did a Pee Wee Herman dance (see below) when I saw this one. We're real proud of our relationship with the development community and make it a huge part of our focus. We're glad people are noticing and expect to see lots of great things out of the OpenSSO Community again this year. Congrats everyone!

Hey All! As Pat mentioned, I'm doing a webinar on Everyday Access, Federation and Secure Web Services on Tuesday, January 21. Preso is aimed at highlighting the core problems that web access management tools address and a tiered approach to conquering them from easiest to hardest. If you want to hear my spiel click the link below to register. I may not be the IdentiCat this time, but I promise to entertain and make some jokes at Pat's expense.

Friday Jan 09, 2009

Happy New Year! I just finished watching a portion of the new Ping Star Wars parody. (Sorry Ping friends. I didn't make it through the entire thing. It's just reeeeeaaaal loooooong.) I have to laugh though when I see them making the open v. proprietary and big v. small argument because Ping's commercial product is closed and proprietary!

OpenSSO is 100% open source, has a thriving external community and is completely free in all aspects of the word. We have lots of stories of companies deploying it on their own without Sun's knowledge and from an innovation standpoint we are moving at a trailblazing pace.

So . . . In the spirit of openness, it's that time of year where I plan to outline what we'll be doing in the OpenSSO Project over the next few months. I plan to write a multi-part series outlining the major features we will be adding to the product. To give a teaser, the core features that I'll be writing about are listed below. Stay tuned for more details over the next week or so.

Wednesday Dec 03, 2008

Love this blog from Ping Identity -- Top 10 Things That IT Does in Tough Times. I couldn't agree more about the uptake on open source. We've seen a significant increase in OpenSSO activity over the last two months and attribute this to organizations looking for open source identity alternatives during these tough times. Check out our month by month message activity in the OpenSSO Project below.

Tuesday Dec 02, 2008

The Sun Writers have been popping out tons of great technical articles of late on how to use OpenSSO 8. The latest one shows how to use OpenSSO and simpleSAMLphp to federate between an identity provider application written in Java and a service provider application written in PHP. The article uses SugarCRM, an open source PHP application, as an example. Check out the article and try it out if you have time!

Monday Dec 01, 2008

I'm thrilled to say we were positioned as a leader in the Gartner WAM MQ again this year. I'm very happy with the results and encourage you to focus on the strengths and weaknesses of each vendor rather than the color of the pretty dots. :-) Below is the image and Sun's strengths and weaknesses. We thought our growth was pretty impressive last year; Gartner didn't agree. Don't worry about that though, because we're just getting started. In fact, our product revenue grew by 30% last year. If you're interested in reading the whole report click here.

SUN MICROSYSTEMS

Product: Sun OpenSSO Enterprise (formerly Sun Access Manager)

Sun is a leader in the WAM market, due to a combination of technical platform expertise, diverse and experienced partnerships in consulting and SI; a growing customer base; and consistent customer service. OpenSSO Enterprise is a full-featured product, with identity federation, SOA capabilities and built-in Web services security functions.

Strengths

* Due to technical platform expertise, diverse and experienced partnerships in consulting and SI, a growing customer base, and consistent customer service, Sun is a leader in the WAM market.

* Sun plays a leadership role in open-source WAM through the OpenSSO project, which gives the company a potential customer base and the benefit of the efforts of the community that has developed around OpenSSO. When this option is included, Sun has the widest variety of pricing options for a WAM offering, and also has appealing standard pricing.

* Sun has focused on ancillary functionality to ease deployment, including federation partner offerings ("fedlets"), as well as standard, out-of-the-box task-based workflows.

Thursday Nov 20, 2008

There's a new pyramid scheme hitting the world of identity called entitlements management. It's sprouted up as a new space and lots of vendors are selling standalone entitlement management solutions that customers purchase and deploy into their environments. I just don't get it! Web Access Management solutions were built to do this. Rather than create a completely separate solution to deploy and maintain in your environment why not leverage that?

So . . . This rant is aimed at telling you three things about Sun's entitlement management plans.

1. We are in the process of expanding OpenSSO to handle Fine Grained Authorization / Entitlement Management out of the box! We will NOT sell you another thing that you need to deploy into your datacenter.

2. You will see this in OpenSSO Express by late Spring / Early Summer! Yep. This one is in the works and it's going to be very cool. We have some slick ideas and this is going to be our next "fedlet."

3. It will all be open source! You heard that right. Everything we do will be available via the OpenSSO community and free to use. If you are interested in contributing let us know.

Sun will be the ONLY provider to offer a single solution that not only does access controls, federation and secure web services, but also entitlement management. Stay tuned for more to come!!!!

Thursday Nov 13, 2008

Wajih Ahmed, a senior systems engineer and technical specialist at Sun, just published a nice article on the Sun Developer Network that explains how to use OpenSSO to federate with Google Apps. Take a read and give it a shot!